[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RemailerNet v0.2



I'm glad to see Jim's description of his RemailerNet v0.2.  I still
have a few questions, though.

What is the goal of the RN as far as defeating traffic analysis?  Is it
just to get messages from one "gateway" to another?  Or is there also
a desire to prevent traffic analysis from one non-gateway end user to
another?

What are the allowed capabilities of the opponent?  Can he watch all of
the links?  Can he subvert some gateways?

Does every user expose the source and destination information of his
messages to the initial gateway?  What other information is sent by the
user to the RN?

Are there any limitations on the information which spreads through the
RN?  E.g. are gateways allowed to send source/dest information
along with the messages?

Here are some questions related to Jim's specific points:

>1.6 the order of dispatch of packets is randomized
For 1.5 you defined what randomized means.  What does it mean here?

>1.7 on average, all gateways are required to send and receive the same
>    number of packets per unit of chronological time
Do you mean that all gateways send the same number of packets per time
all the time?  E.g. all gateways send 100 packets per hour all the time

>1.8 the dispatch randomization function adjusts the average latency
>    and the distribution of latencies so that the preceding commitment
>    is met, introducing noise packets as required
This could be accomplished by adding no latency at all during times when
the incoming traffic load happens to equal the desired internal traffic
level.  But presumably some latency is actually used to provide reordering.
What rule would determine how much latency would be used in that case?

>1.10 gateways are required to exchange the same number of packets in
>     any session
What is a session?  Do you mean, during every session exactly (say) 1000
packets will be exchanged, or do you mean, during any session the
number of packets exchanged by each gateway will equal the number ex-
changed by every other gateway (but this number may vary from session to
session)?

>2.4 message delivery is reliable, in the sense that the destination
>    gateway will report delivery of incomplete or damaged messages
>    to the gateway
To which gateway?  The source gateway?

>4.2 where gateways are operated by users, the requirement that gateways
>    should exchange the same number of packets per unit time would be
>    weakened in some as yet unspecified way
Why do this?

>5.1 in either case, users may have accounts with gateways and may be
>    charged for usage
What gateways would be in a position to charge users?  Only the source
gateway?  The destination gateway?  Others in between?

>6.0 RN gateway software should be available only from trusted sites by FTP
What are you trying to prevent by this, and what would happen if someone
wrote his own version of the RN software?

>7.1 established gateways would be encouraged to rate new gateways
What kind of information would be available to them to create the ratings?